Ultrasurf proxy bypass

pcraponi · ‎12-07-2007

Hi, It' s possible block Ultrasurf? (http://www.ultrareach.com/company/download.htm) Is a proxy software for Windows that use random servers and port 443 with SSL to bypass the WebFilter.

Regards, Paulo Raponi

FortiRack_Eric · ‎12-07-2007

I' m not familiar with this particular proxy avoidance software. But in general, I strongly tend towards blocking all HTTPS sites altogether and white list a set of allowed sites. What also works is to block unrated sites in the protection profile. Don' t forget to block https.

Rackmount your Fortinet --> http://www.rackmount.it/fortirack

Victor · ‎12-12-2007

Eric: I don' t think you' ve worked for a school board. I have 150 sites and thousands of employees who are daily accessing https sites. The whitelist would grow daily and would - given our limited resources - prove unmanageable. In whitelisting them, your most reliable means is by ip rather then url, as the domain info on most certificates is invalid - even for legitimate sites. So you would add the ip addresses or ranges & create a whitelist group. Create a policy and allow https traffic to that whitelist group. Immediately below you would create a policy dropping all https traffic. We are not getting any revenue to pay for maintaining this list and in fact are paying out yearly to our appliance provider to seamlessly & relatively effortlessly filter out the unwanted material. Just my thoughts. Victor